January 2018 saw the rise of the Meltdown and Spectre vulnerabilities, which concern speculative execution side channels. A subclass of speculative execution side-channel vulnerability, termed Speculative Store Bypass (SSB), was announced by Microsoft in collaboration with Google researchers and was assigned CVE-2018-3639. While Microsoft released several updates to fix this vulnerability, some additional measures have to be followed in order to mitigate it fully. In this article, we will discuss the necessary steps, which involve updating a few registry settings, to be fully protected from this vulnerability.

Affected OS: All supported versions of Microsoft Windows

Solution:

1. Install the patches recommended in the Microsoft advisory for CVE-2018-3639.

Right-click on Memory Management, point to New, and then click DWORD (32-bit) Value.

Type FeatureSettingsOverride as the name of the newly-created DWORD and then press Enter.

Double-click the DWORD FeatureSettingsOverride and change the value data field to 64.

Right-click on Memory Management, point to New, and then click DWORD (32-bit) Value.

Type FeatureSettingsOverrideMask as the name of the newly-created DWORD and then press Enter.

Double-click FeatureSettingsOverrideMask and change the value data field to 3.

In Registry Editor, locate the following registry path: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion and create a key named Virtualization.

Right-click on Virtualization, point to New, and then click on String Value.

Type MinVmVersionForCpuBasedMitigations as the name of the newly-created String Value and then press Enter.

Double-click MinVmVersionForCpuBasedMitigations and change the value data field to 1.0.
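To confirm that the values are in place on a machine, the PowerShell script below audits the three settings from the steps above and reports a missing key, a missing value, a wrong value type or wrong data. It is an added example, not part of the original article or of Saner. The MemoryManagementKey parameter is an assumption, because the steps do not give that key's full path, and 64 and 3 are read as decimal.

```powershell
# Added example: audit the registry values set in the manual steps.
param(
    # Full path of the "Memory Management" key in provider form (HKLM:\...).
    # The article does not spell this path out, so the operator supplies it.
    [Parameter(Mandatory)] [string] $MemoryManagementKey,
    # Built from the path the article gives plus the key name it creates.
    [string] $VirtualizationKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization'
)

# Expected state, taken from the steps. The article gives 64 and 3 without
# stating a number base; decimal is assumed here.
$expected = @(
    @{ Key = $MemoryManagementKey; Name = 'FeatureSettingsOverride';            Kind = 'DWord';  Data = 64 }
    @{ Key = $MemoryManagementKey; Name = 'FeatureSettingsOverrideMask';        Kind = 'DWord';  Data = 3 }
    @{ Key = $VirtualizationKey;   Name = 'MinVmVersionForCpuBasedMitigations'; Kind = 'String'; Data = '1.0' }
)

$results = foreach ($e in $expected) {
    $status = 'Compliant'
    $actual = $null
    $key = Get-Item -LiteralPath $e.Key -ErrorAction SilentlyContinue
    if (-not $key) {
        $status = 'KeyMissing'
    } elseif ($key.GetValueNames() -notcontains $e.Name) {
        $status = 'ValueMissing'
    } else {
        $actual = $key.GetValue($e.Name)
        $kind   = $key.GetValueKind($e.Name)
        # A value created with the wrong type (for example a string named
        # FeatureSettingsOverride) is reported separately from wrong data.
        if ("$kind" -ne $e.Kind)     { $status = "WrongType($kind)" }
        elseif ($actual -ne $e.Data) { $status = 'WrongData' }
    }
    [pscustomobject]@{
        Key      = $e.Key
        Name     = $e.Name
        Expected = $e.Data
        Actual   = $actual
        Status   = $status
    }
}

$results | Format-Table -AutoSize

# A non-zero exit code lets a scheduled task or deployment tool flag the host.
if ($results | Where-Object Status -ne 'Compliant') { exit 1 }
```

Run it from a 64-bit PowerShell session so that HKLM\SOFTWARE is not redirected to the 32-bit registry view.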

Automate Patching with Saner:

Saner can automate the above patching across the organization with ease. Click here to explore patching steps using Saner.

Saner Personal Users:

1. Download the Processor_mitigation_fix and unzip to get Processor_mitigation_fix.exe
2. Open the cmd.exe as ‘Administrator’
3. Go to the path where exe “Processor_mitigation_fix.exe” is extracted
4. Run the below command with “/S” silent option to fully patch this vulnerability.

C:\>Processor_mitigation_fix.exe /S

These steps will resolve this vulnerability completely. Saner will stop reporting about this vulnerability from the next manual or scheduled scan.

Note: If you face any issues, unzip Processor_mitigation_fix_revert and use the file Processor_mitigation_fix_revert.exe in a manner similar to the one described above.